How Do I Update the Ranger Certificate in MRS 1.9.3?
MRS 1.9.3 is used as an example. Replace it with the actual cluster version. After the certificate is updated, manually clear the alarm indicating that the certificate file is invalid or about to expire.
After the Ranger certificate is updated, its validity period is 10 years.
After the Ranger certificate expires, the Ranger web UI is still accessible, but a message indicating that the certificate is untrusted will be displayed when you access the web UI.
- If Ranger is not installed in the cluster, log in to each master node and run the following command to rename the certificate file:
mv /opt/Bigdata/MRS_1.9.3/install/MRS-Ranger-1.0.1/ranger/ranger-1.0.1-admin/ranger-admin-keystore.jks /opt/Bigdata/MRS_1.9.3/install/MRS-Ranger-1.0.1/ranger/ranger-1.0.1-admin/ranger-admin-keystore.jks_bak
- If Ranger has been installed in the cluster, update the certificate as follows:
- Download MRS_1.9_Patch_UpdateRangerJks_All_20210203.tar.gz from the obs-patch bucket and upload it to the /tmp directory on the node where the active RangerAdmin instance of the cluster runs.
On MRS Manager, choose Service > Ranger > Instance and obtain the IP address of the node where the active RangerAdmin instance runs.
- CN-Hong Kong: https://mrs-patch-ap-southeast-1.obs.ap-southeast-1.myhuaweicloud.com/MRS_Common_Script/MRS_1.9_Patch_UpdateRangerJks_All_20210203.tar.gz
- AP-Bangkok: https://mrs-patch-ap-southeast-2.obs.ap-southeast-2.myhuaweicloud.com/MRS_Common_Script/MRS_1.9_Patch_UpdateRangerJks_All_20210203.tar.gz
- AP-Singapore: https://mrs-patch-ap-southeast-3.obs.ap-southeast-3.myhuaweicloud.com/MRS_Common_Script/MRS_1.9_Patch_UpdateRangerJks_All_20210203.tar.gz
- LA-Sao Paulo: https://mrs-container1-patch-sa-brazil-1.obs.myhuaweicloud.com/MRS_Common_Script/MRS_1.9_Patch_UpdateRangerJks_All_20210203.tar.gz
- LA-Mexico City: https://mrs-container1-patch-na-mexico-1.obs.myhuaweicloud.com/MRS_Common_Script/MRS_1.9_Patch_UpdateRangerJks_All_20210203.tar.gz
- Log in to the node where the active RangerAdmin instance is located and run the following commands:
chmod 700 MRS_1.9_Patch_UpdateRangerJks_All_20210203.tar.gz
chown omm:wheel MRS_1.9_Patch_UpdateRangerJks_All_20210203.tar.gz
su - omm
cd /tmp
tar -zxvf MRS_1.9_Patch_UpdateRangerJks_All_20210203.tar.gz
- Replace the certificate files.
sh updateRangerJks.sh ${IP address of the active master node} ${IP address of the active RangerAdmin node} ${Certificate password}
- This script will restart the controller process. During the restart process, the MRS Manager page may not be viewed.
- Obtain the IP address of the active master node from Hosts on MRS Manager.
- To obtain the IP address of the active RangerAdmin node, choose Services > Ranger > Instances on MRS Manager.
- ${Certificate password} is a user-defined password.
- Log in to the MRS console.
- Choose and click a cluster name to go to the cluster details page.
- Choose Components > Ranger > Service Configuration and modify the RangerAdmin configuration.
- Search for the policymgr_https_keystore_password and change its value to the certificate password entered in 3, that is, ${Certificate password}.
You are advised to copy and paste the password. If the passwords are different, Ranger will fail to restart.
- Save the configuration and perform a rolling restart of RangerAdmin.
- Search for the policymgr_https_keystore_password and change its value to the certificate password entered in 3, that is, ${Certificate password}.
- Verify that you can log in to the RangerAdmin web UI.
- Choose Components > Ranger > Service Status. In Ranger Summary, click RangerAdmin corresponding to Ranger Web UI.
- On the Ranger web UI login page, the default username for MRS cluster 1.9.2 is admin and the password is admin@12345. The default username for MRS cluster 1.9.3 or later is admin and the password is ranger@A1!.
After logging in to the Ranger Web UI for the first time, change the password and keep it secure.
- Log in to the node where the RangerAdmin instance is located and delete the temporary files.
rm -rf /tmp/updateRangerJks.tar.gz
For a cluster with a custom topology, if the active master and RangerAdmin instances are not on the same node, log in to the active master node and delete temporary files.
- Download MRS_1.9_Patch_UpdateRangerJks_All_20210203.tar.gz from the obs-patch bucket and upload it to the /tmp directory on the node where the active RangerAdmin instance of the cluster runs.
Big Data Service Development FAQs
- Can MRS Run Multiple Flume Tasks at a Time?
- How Do I Change FlumeClient Logs to Standard Logs?
- Where Are the JAR Files and Environment Variables of Hadoop Stored?
- What Compression Algorithms Does HBase Support?
- Can MRS Write Data to HBase Through an HBase External Table of Hive?
- How Do I View HBase Logs?
- How Do I Set the TTL for an HBase Table?
- How Do I Connect to HBase of MRS Through HappyBase?
- How Do I Change the Number of HDFS Replicas?
- How Do I Modify the HDFS Active/Standby Switchover Class?
- What Data Type in Hive Tables Is Recommended for the Number Type of DynamoDB?
- Can the Hive Driver Be Interconnected with DBCP2?
- How Do I View the Hive Table Created by Another User?
- Where Can I Download the Dependency Package (com.huawei.gaussc10) in the Hive Sample Project?
- Can I Export the Query Result of Hive Data?
- What Should I Do If an Error Occurs When Hive Runs the beeline -e Command to Execute Multiple Statements?
- What Should I Do If a HiveSQL/HiveScript Job Fails to be Submitted After Hive Is Added?
- What Can I Do If the Excel File Downloaded by Hue Cannot Be Opened?
- How Do I Do If Sessions Are Not Released After Hue Connects to HiveServer and the Error Message "over max user connections" Is Displayed?
- How Do I Reset Kafka Data?
- What Access Protocols Are Supported by Kafka?
- What Should I Do If the Error Message "Not Authorized to access group XXX" Is Displayed When Kafka Topics Are Consumed?
- What Compression Algorithms Does Kudu Support?
- How Do I View Kudu Logs?
- How Do I Handle the Kudu Service Exceptions Generated During Cluster Creation?
- Does MRS Support Python Code?
- Does OpenTSDB Support Python APIs?
- How Do I Configure Other Data Sources on Presto?
- How Do I Update the Ranger Certificate in MRS 1.9.3?
- How Do I Connect to Spark Shell from MRS?
- How Do I Connect to Spark Beeline from MRS?
- Where Are the Execution Logs of Spark Jobs Stored?
- How Do I Specify a Log Path When Submitting a Task in an MRS Storm Cluster?
- How Do I Check the ResourceManager Configuration of Yarn?
- How Do I Modify the allow_drop_detached Parameter of ClickHouse?
- What Should I Do If an Alarm Indicating Insufficient Memory Is Reported During Spark Task Execution?
- How Do I Add a Periodic Deletion Policy to Prevent Large ClickHouse System Table Logs?
- How Do I Obtain a Spark JAR File?
- What Can I Do If an Alarm is Generated Because the NameNode Is not Restarted on Time After the hdfs-site.xml File Is Modified?
- What Should I Do If It Takes a Long Time for Spark SQL to Access Hive Partitioned Tables Before a Job Starts?
- What Should I Do If the spark.yarn.executor.memoryOverhead Setting Does Not Take Effect?
- How Do I Change the Time Zone of the ClickHouse Service?
- What Should I Do If the Connection to the ClickHouse Server Fails and Error Code 516 Is Reported?
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbotmore